On 28.4.2013 19:50, Jakub Hrozek wrote:
> >get a single machine to be able to perform any update, and have this as
> >one of the entries in my "bind update policy":
> >grant SERVICE\047foreman.collmedia....@collmedia.net  wildcard * ANY;

String "SERVICE/ipaserver.example....@example.com" in the example is full principal name including Kerberos REALM. The string "SERVICE" has to be replaced with real service name.

Everything is case sensitive!

See http://www.zytrax.com/tech/survival/kerberos.html#terminology for some Kerberos basics.

Your zone update policy should include something like "grant
host/\047foreman.collmedia....@collmedia.net  wildcard * ANY;"

This example contains an error: Character '/' in principal name has be to replaced with "\047". The corrected example is:
"grant host\047foreman.collmedia....@collmedia.net  wildcard * ANY;"

Petr^2 Spacek

Freeipa-users mailing list

Reply via email to